Story of Account Takeover: Using Social Login with a Mass Assignment Vulnerability to Hack Accounts!

Vulnerability Background:

What is Mass Assignment Vulnerability in APIs?

Reproduction Steps:

  1. Click the "Login with Facebook" button in the app.
  2. Intercept the request using Burp Suite.
  3. After authorizing the app on Facebook, the app issued an HTTP request.
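The request captured in step 3 is not reproduced on this page, so the following is an added illustration rather than the app's actual endpoint. It shows the general shape of the bug class the title names: a social-login callback that binds every field of the client-supplied JSON body onto the user record (mass assignment), beside a hardened handler that takes the identity from a server-side verified provider profile and copies only an allowlisted set of client fields. The `verify_provider_token` lookup, the field names and the sample accounts are all constructed for the example.

```python
"""Mass assignment in a social-login callback: vulnerable binding vs allowlisted binding.

Constructed example; not code from the write-up or from the affected app.
"""
from dataclasses import dataclass
from typing import Any, Dict, List, Optional

# Constructed stand-in for "present the access token to the identity provider
# and get back the profile the provider vouches for". In a real app this is an
# HTTPS call to the provider, never a value read from the client's own body.
VERIFIED_PROFILES: Dict[str, Dict[str, str]] = {
    "tok-alice": {"provider_id": "prov-1001", "email": "alice@example.com", "name": "Alice"},
}

# Only these client-supplied fields may be written onto the user record.
ALLOWED_CLIENT_FIELDS = {"name", "locale"}


def verify_provider_token(token: str) -> Optional[Dict[str, str]]:
    return VERIFIED_PROFILES.get(token)


@dataclass
class User:
    provider_id: str
    email: str
    name: str = ""
    locale: str = "en"


class UserStore:
    def __init__(self) -> None:
        self.users: Dict[str, User] = {}   # keyed by e-mail, i.e. the account identity
        self.audit: List[str] = []         # detection hook: unexpected fields get logged here

    def find_or_create(self, email: str, provider_id: str) -> User:
        user = self.users.get(email)
        if user is None:
            user = User(provider_id=provider_id, email=email)
            self.users[email] = user
        return user


def social_login_vulnerable(store: UserStore, body: Dict[str, Any]) -> str:
    """Vulnerable pattern: the account is selected by the e-mail the CLIENT sent,
    and every body field is bound onto it. Returns the e-mail the session is issued for."""
    user = store.find_or_create(body["email"], body.get("provider_id", ""))
    for key, value in body.items():   # mass assignment: no allowlist at all
        setattr(user, key, value)
    return user.email


def social_login_hardened(store: UserStore, body: Dict[str, Any], token: str) -> str:
    """Hardened pattern: identity comes from the provider-verified profile; the client
    body can only touch allowlisted attributes, and anything else is logged."""
    profile = verify_provider_token(token)
    if profile is None:
        raise PermissionError("provider token could not be verified")
    user = store.find_or_create(profile["email"], profile["provider_id"])
    unexpected = sorted(set(body) - ALLOWED_CLIENT_FIELDS)
    if unexpected:
        # Worth alerting on: a legitimate client never sends identity fields here.
        store.audit.append(f"ignored client fields on social login: {unexpected}")
    for key in ALLOWED_CLIENT_FIELDS & set(body):
        setattr(user, key, body[key])
    return user.email


if __name__ == "__main__":
    store = UserStore()
    store.find_or_create("victim@example.com", "prov-2002")
    # Constructed request body: the caller's own token, but the e-mail of another account.
    body = {"email": "victim@example.com", "name": "Alice"}
    print("vulnerable issues session for:", social_login_vulnerable(store, body))
    print("hardened issues session for:  ", social_login_hardened(store, body, "tok-alice"))
    print("audit:", store.audit)
```

The fix has two parts and both matter: the account identity must come from the provider-verified profile (the client body is never the source of `email`), and any remaining client-writable attributes go through an explicit allowlist. Logging the rejected fields gives the defender a cheap detection signal for probing of this exact kind.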

HTTP REQUEST:

Response from the company:

I am a Security Researcher and Bug Hunter. Passionate about Web & Mobile Security Vulnerabilities
